Application Security Engineer // Contentful
Contentful provides content infrastructure for digital teams to power websites, apps, and devices. Unlike a CMS, Contentful was built to integrate with the modern software stack. It offers a central hub for structured content, powerful management and delivery APIs, and a customizable web app that enables developers and content creators to ship their products faster. Companies including Spotify, Red Bull, WeWork, Lyft, and Urban Outfitters rely on Contentful to manage content as part of their modern web stack.
Contentful is growing rapidly, backed by $80 million in funding from VC firms including Benchmark and General Catalyst, and strategic investors including Sapphire Ventures (SAP) and Salesforce Ventures.
We’re a fun team of more than 200 people from 44 nations, with offices in Berlin and San Francisco. Join us!
ABOUT THE ROLE
Contentful strives to build a secure and safe service and commits considerable effort and resources on security. Application Security and software development are fundamental pieces of Contentful’s security program – our Information Security Management System – ISMS.
As an Application Security Engineer at Contentful, you are part of the Engineering team responsible for our core applications and internal tools. This position is focused on managing vulnerabilities and securing the development process. You work closely with the Engineering teams to improve security in the code, and Product teams to design and guide the implementation of security features in the platform. You will be the subject matter expert in application security within the company, advocating good secure development practices and educating developers.
The goal of the Security team is to provide guidance and support to both Engineering and Product teams, enabling them to build a reliable and secure product. We follow a holistic approach to guarantee the safety, availability, and integrity of our customers’ data.
- Manage vulnerabilities and monitor their fixes
- Manage external, and perform your own, penetration tests
- Analyze source code for security vulnerabilities
- Run Contentful’s bug bounty program, analyzing and responding to reports
- Improve Secure Software Development Lifecycle
- Design product security solutions
- You understand and worked with micro-architecture and container infrastructure
- You performed penetration tests and source code security analysis
- Good understanding of AWS, kubernetes and docker technologies
- At least 3 years experience in the application security field
- Good understanding of OWASP Top Ten
- Excellent English communication skills, both verbal and written
NICE TO HAVE
- Experience running a responsible vulnerability disclosure program or reporting vulnerabilities to companies
- Familiar with AWS and the security mechanisms provided
- Experience with CI/CD tools
- Experience in ensuring security and privacy on the Internet
- Participation in the security community via meetups or talks in conferences
- Join an innovative tech company as we help drive the evolution of digital experiences to become ever-more ubiquitous and interactive. Be a part of helping companies build modern architectures for mission-critical applications
- Shape the future of Contentful: help us establish, scale, and improve our team’s processes
- Generous education budget complete with extra days off to be spent on your professional and self-development
- Be set up for success, equipped with the latest and greatest hardware
- Hang-out in one of our many shared spaces, playing games with colleagues or enjoying a full range of events, including workshops, on-site meetups, guest speakers, and fun events for the company and each team. Did we mention an annual off-site?
- Sharpen your PlayStation, ping pong, and kicker/fußball skills during breaks in the day
- As much artisan coffee as you can handle
- Brush up your language skills! Our team speaks more than 20 languages, and we offer free German classes
- Take a break and pat a pup, we are a dog-friendly office
- We fully support your move to Berlin with a relocation budget and visa assistance. We’ll help you settle into your exciting new city
- Plus, Contentful socks, oh yeah!
“Variety is the spice of life” — and a celebrated component of our culture. At Contentful, we strive to create an inclusive environment that empowers our employees. We believe that our products and services benefit from our diverse backgrounds and experiences and are proud to be an equal opportunity employer: all qualified applicants are considered for positions regardless of race, ethnic origin, gender, age, religion or belief, marital status, gender identification, sexual orientation, or disability. We look forward to your application!